Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7a373ce863...d2.exe

windows7-x64

3

7a373ce863...d2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2022, 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe

  • Size

    95KB

  • MD5

    a2ba9aac30028498cc33fb874ab8ba2e

  • SHA1

    5ba172a029f34c68b4eb928c0ac4fd84ddd8b015

  • SHA256

    7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2

  • SHA512

    7c4f112cb6737f666c0c3cfcd5aa9f00989644dbf4d565674bd98b216a8ffe5f492d433c9c18ba33007e973eb848d51c203cb714a7d6607de5568f73ca991a65

  • SSDEEP

    768:e06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9Y:sR0vxn3Pc0LCH9MtbvabUDzJYWu3B

Score
10/10
ramnitbankerspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 1 IoCs
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe
    "C:\Users\Admin\AppData\Local\Temp\7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\Program Files (x86)\Microsoft\WaterMark.exe
      "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:4624
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:4932
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 212
            4⤵
            • Program crash
            PID:4180
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4520
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4520 CREDAT:17410 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:260
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3740
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3740 CREDAT:17410 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:100
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4932 -ip 4932
      1⤵
        PID:2304

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        95KB

        MD5

        a2ba9aac30028498cc33fb874ab8ba2e

        SHA1

        5ba172a029f34c68b4eb928c0ac4fd84ddd8b015

        SHA256

        7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2

        SHA512

        7c4f112cb6737f666c0c3cfcd5aa9f00989644dbf4d565674bd98b216a8ffe5f492d433c9c18ba33007e973eb848d51c203cb714a7d6607de5568f73ca991a65

        Download Submit

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        95KB

        MD5

        a2ba9aac30028498cc33fb874ab8ba2e

        SHA1

        5ba172a029f34c68b4eb928c0ac4fd84ddd8b015

        SHA256

        7a373ce8630144503badff342549f0aa9efc919a81d11613d504668e5fecbad2

        SHA512

        7c4f112cb6737f666c0c3cfcd5aa9f00989644dbf4d565674bd98b216a8ffe5f492d433c9c18ba33007e973eb848d51c203cb714a7d6607de5568f73ca991a65

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        5ddb1febcd291eb59d3d67d24a05bfd0

        SHA1

        fe957affe27cb991f332e7f5c86d3a15359bd3b9

        SHA256

        ec45a385c906b3d925ebbe6532d10adec9a14c1733c756c64db5133bd9d88dcb

        SHA512

        62d00893402fae125ae3428da2495b0eb864b125f975cd887f894f7298a4a86f361cf50aaa7c9b69f3dcb734a950c43472778ea4062b3146c3de5623d08dcd21

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        5ddb1febcd291eb59d3d67d24a05bfd0

        SHA1

        fe957affe27cb991f332e7f5c86d3a15359bd3b9

        SHA256

        ec45a385c906b3d925ebbe6532d10adec9a14c1733c756c64db5133bd9d88dcb

        SHA512

        62d00893402fae125ae3428da2495b0eb864b125f975cd887f894f7298a4a86f361cf50aaa7c9b69f3dcb734a950c43472778ea4062b3146c3de5623d08dcd21

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        434B

        MD5

        5d1c64b49cdd2b34c17031d624d03719

        SHA1

        2f07e06ec560299276749cbb4f2ffe2c91bdc3db

        SHA256

        1134d498779f8173a61ddc390dba42d0a2e2209a4372df0cc4b634e32e54b5bd

        SHA512

        faffc12db912b83aa974d6f3f1b98b6b5778c2902505a17f0370056c7e3a001f95771c01dc131b6a663fccd0c59d5b35c36e19c9dc1eaad9263c4c34d8b8a789

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        434B

        MD5

        c2c9c2819a2dcbbf8b027a2ea0f85e21

        SHA1

        9b3eac8b085a106d589ad50cf7850cd8e78f1343

        SHA256

        34c194e82886d2584cd45a3bbdbb72a39df114b5df0ba9dea43c30a6913a792f

        SHA512

        e60e7d545e4bcafc12f0a755d2a83cbe5b429e555d0bff9a20c2f390607326b28a736b89a9761d7e37b4dd28d19c0932a531ef956c663d65a5dee9795bc496ca

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E371774F-58D1-11ED-AECB-C2DBB15B3A76}.dat
        Filesize

        3KB

        MD5

        7418490eec235f25366b811d19769fc4

        SHA1

        056da5b3901acae768f50ba7a3adb846d328082c

        SHA256

        8039130c65801bf531bf690af67526af11eaefbf8e84010cfb114113348bab23

        SHA512

        11c16a89da4fa382191139b9c35143d1d94f93cf51e68f586cbdc1d40da134b16266f8d4fd5cc3bbd8a5c0331ac9ee97e61f54111200cf8869aac77080a34f4d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E3719E5F-58D1-11ED-AECB-C2DBB15B3A76}.dat
        Filesize

        5KB

        MD5

        00afea85dc072836af9beccb4ebbd1c6

        SHA1

        ccef4ccdd71ae0346ce5ccb7f57b1776eb9b7e82

        SHA256

        e8762c06006a5206f706043d374b032a719dd8d9251630bf5c18f69b0174dc97

        SHA512

        63c89faf69c9eece10158befac51107afb303ee27de7832df578548c98f7981298fbd76d11f483639b9a9624c76d10a047fed45390ea25b89166de3de7073e3f

        Download Submit

      • memory/4624-149-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4624-154-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4624-150-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4624-147-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4624-157-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4624-155-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4624-148-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4624-156-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4624-153-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4676-144-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4676-132-0x0000000000400000-0x0000000000459000-memory.dmp

        Filesize

        356KB

        Download

      • memory/4676-136-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4676-135-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download